Update on Spectre and Meltdown Vulnerabilities and actions of Leica Biosystems regarding Aperio Scanners and Software, CytoVision, Ariol, SlidePath and SCN400
On January 4th, Intel and others announced the Meltdown and Spectre (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) set of vulnerabilities. Meltdown and Spectre are two vulnerability techniques researchers have discovered that exploit a flaw in computer processors. These vulnerabilities could allow malicious code to gain access to higher-privileged processes and data in memory across multiple operating systems.
These vulnerabilities are not exclusive to Leica Biosystems or medical devices. Early public reports indicate that this vulnerability issue potentially affects every processor-based computer and/or electronic device that has been manufactured over the last 5 to 10 years. To date, Leica Biosystems has not received any reports of these vulnerabilities affecting our products or services.
Several companies including Microsoft and Linux have recently released updates to help mitigate these vulnerabilities, with additional updates expected over the coming week. For additional updated information please refer to the link for the NH-ISAC bulletin:
As part of Leica Biosystems commitment to the privacy and security concerns of our customers, we are actively monitoring software updates related to these vulnerabilities. Our global security teams are evaluating Leica Biosystems Pathology Imaging products and solutions for potential impact and investigating further actions or software updates needed. Once investigations are complete, any applicable product-specific recommendations will be made available on this website, and through your local service teams. If you have already applied any of the available patches and have any issues with your scanner or software, please contact your regional Technical Support team.